All posts by Tony E

My name is Tony E. I went to Anne Arundel Community College and participated in MACCDC 2014 & MACCDC 2015. I earned my Security+, CCNA & CCNP Route. I am currently working towards a full CCNP. I have competed in a few CTFs: Altamira Scram CTF 2.0 & Mitre 2014. Also other challenges: SANS DFIR (http://digital-forensics.sans.org/blog/2014/12/05/dfir-monterey-2015-network-forensics-challenge-released). I typically stay up all night reading security blogs, spinning up VMs, hacking/breaking things. Working on Cisco gear. I have my own lab with 4 routers and switches and an ASA. I am firewall centric: Cisco, pfSense, iptables. I'm passionate about networking and security. I love asking 'will this work? and why?'. I am a participating member at my local hackerspace, Unallocated Space, where I have built 2 Cisco half-rack rolling labs for people to work on their CCNA. I have also built the Mame Arcade. The Arcade has been to more hacker cons than I have (#jealous). I love teaching, sharing information and learning. Every morning I run through ~12 techie news sites and blogs to keep my thumb on the pulse of this ever-changing industry.

Offerings to the gods – Gifts for Red Team

I have participated in 2 MACCDCs: 2014 & 2015. As far as I know we are the only team that does this.

We bring in a gift for the Red Team on the morning of day 2 before the competition starts. We generally have an associate from our school drop it off so we don’t violate the direct contact clause in the rule manual.

In 2013 it was assorted donuts, and a card sealed with a kiss of red lipstick.

In 2014 we sent flowers, pink balloons and again a card with a kiss of red lipstick… I think.

This year, 2015, we bought a pineapple, hollowed it out, filled it with cheap pink & blue dollar shooter bottles, and added WiFi antennae for looks. Boom. WiFi pineapple. Happy hacking.

I got 99 Problems…
To Red Team
With Love
WiFi Pineapple

MACCDC 2015 – Badges

This year’s competition was called “Operation Transit Storm” and was based on public transportation. It was only fitting that our badges fit the same theme. Larry Pesce (@haxorthematrix) did the badges as he has done in years past.

Upon entering on Thursday we were each given a blue etched badge on a lanyard with an RFID card glued to the back of it, a Raspberry Pi B+, a 3-page manual (Derpypot 1.0 Instructions) and verbal instructions that “this is a honey pot to use it if you wish. The login name and operating instructions are in the packet but you’ll have to figure out the password to login.”

Our blue badges were completely etched with something base64 encoded. We were all instructed to move into the auditorium, where we would be briefed on the following day’s schedule of events.

MACCDC2015 Blue Etched Badge

While waiting we took out our badges and plugged the etching into a base64 decoder.

BASE64 Decode

rootkitthenutwork.net??? Was this a typo? We checked the DNS TXT records for rootkitthenutwork.net and didn’t get anything. We tried rootkitthenetwork.net and got:

DNS TXT Record

We tried navigating to both sites but neither had any pages published.

A quick Google search using the half of the quote that was given to us yielded the other half.

What do I care about law?

Later that night it was confirmed that one of the teams bought rootkitthenutwork.net and stood up a page with false clues for solving the puzzle. I forget which school it was, but I thought that buying the domain that morning was pretty good.

The next morning I approached Larry and asked whether he had intentionally thrown us off with the typo “nutwork”. He said no, and that whoever owns that domain was just having fun with us. The difference was in transcribing the encoding from the badge into the decoder. If you thought it was a “1” it came out ‘nutwork’; if you thought it was a lowercase “L” it came out ‘network’.

cm9vdGtpdHRoZW51dHdvcmsuY29tlGRucyB0eHQ=

cm9vdGtpdHRoZW5ldHdvcmsuY29tlGRucyB0eHQ=
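An added example, not part of the original post or the badge author's material: it enumerates the look-alike readings of a hand-transcribed base64 string (1/l/I and 0/O) and keeps only those that decode to plausible text. The function names, the glyph groups, and the assumption that the clue consists only of lowercase letters, digits, dots, hyphens and spaces belong to this example.

```python
import base64
import binascii
import itertools
import string

# Glyph groups that are easy to confuse on an etched or printed surface.
CONFUSABLE = ("1lI", "0O")
# Assumption: the clue is a lowercase hostname plus a few words.
ALLOWED = set((string.ascii_lowercase + string.digits + ".- ").encode())


def candidate_readings(transcribed, max_candidates=100_000):
    """Yield every reading obtained by swapping look-alike glyphs."""
    options = [next((g for g in CONFUSABLE if ch in g), ch) for ch in transcribed]
    total = 1
    for opt in options:
        total *= len(opt)
    if total > max_candidates:
        raise ValueError(f"{total} readings; narrow the ambiguous glyphs first")
    for combo in itertools.product(*options):
        yield "".join(combo)


def plausible_decodings(transcribed, allowed=ALLOWED):
    """Map each reading that decodes to allowed bytes only onto its plaintext."""
    results = {}
    for reading in candidate_readings(transcribed):
        try:
            raw = base64.b64decode(reading, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 under this reading
        if raw and all(b in allowed for b in raw):
            results[reading] = raw.decode("ascii")
    return results


if __name__ == "__main__":
    # The string as transcribed in this post.
    badge = "cm9vdGtpdHRoZW51dHdvcmsuY29tlGRucyB0eHQ="
    for reading, text in plausible_decodings(badge).items():
        print(f"{reading}  ->  {text}")
```

On the string as printed above, the `l` following `Y29t` decodes to a non-ASCII byte; only a capital `I` in that position yields a space, so both surviving readings carry `I` there.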

On the Pi is Tom’s Honeypot.